package com.cskaoyan.filter;

import com.cskaoyan.utils.Constant;

import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.UnsupportedEncodingException;

/**
 * @Author Pudding
 * @Date 2024/5/26 18:23
 * CORS跨域配置 → 请求 由一个位置 发送到另外一个位置的时候ip地址或端口号产生了变化，为了做资源的共享
 */
@WebFilter("/*")
public class CorsFilter implements Filter {

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        //1. 这是处理请求和响应的乱码问题
        characterEncodingFilter(servletRequest, servletResponse);

        //2. 这个是一个跨域的配置
        crossOrigin(servletResponse);
        HttpServletRequest request = (HttpServletRequest) servletRequest;

        //OPTIONS请求不想要 执行下面的业务代码
        if ("OPTIONS".equals(request.getMethod())){
            filterChain.doFilter(servletRequest,servletResponse); //直接放行就行
            return; //中断当前filter的执行
        }

        //1.1 filter中如果是登录请求，则放行
        if ("/admin/auth/login".equals(request.getRequestURI())){
            filterChain.doFilter(servletRequest,servletResponse); //放行，执行到对应的servlet方法
            return;
        }

        //1.2 文件放行
        if ("/admin/storage/create".equals(request.getRequestURI())){
            filterChain.doFilter(servletRequest,servletResponse); //放行，执行到对应的servlet方法
            return;
        }

        //2. 如果是已经登录过的情况下，也可以放行
        //使用session来判断是否已经登录
        HttpSession session = request.getSession();
        boolean isLogin = session.getAttribute(Constant.ADMIN_KEY) != null;
        if (isLogin){
            filterChain.doFilter(servletRequest,servletResponse); //放行
            return;
        }
    }

    private void characterEncodingFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws UnsupportedEncodingException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        request.setCharacterEncoding("UTF-8");
        response.setContentType("application/json;charset=utf-8");
    }


    @Override
    public void destroy() {

    }

    //发送一个OPTIONS请求，就会执行下面这个crossOrigin方法。进而提供一些响应头（许可）
    private void crossOrigin(ServletResponse servletResponse) {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setHeader("Access-Control-Allow-Origin", "http://localhost:8080"); //来源许可
        response.setHeader("Access-Control-Allow-Methods","POST,GET,OPTIONS,PUT,DELETE"); //允许哪些方法通过
        response.setHeader("Access-Control-Allow-Headers","x-requested-with,Authorization,Content-Type,X-CskaoyanMarket-Admin-Token,X-CskaoyanMarket-Token"); //允许你带哪些请求头
        response.setHeader("Access-Control-Allow-Credentials","true"); //运行携带的凭据
    }
}
